Florian Rüchel florian.ruechel.tor@inexplicity.de writes:
Hi everyone,
I am attaching the conversation from the assistants list over.
Here is the TL;DR: I want to write my master's thesis on Tor, preferrably on a topic that has to do with Hidden Services and/or Cryptography in Tor.
I have followed George's recommendations and read through some of the sources provided. In the end, several topics seem appealing to me, but before moving on I'd like to get some feedback from you guys on whether you'd consider the topics worth researching or even have some additional ideas.
Some comments follow:
HSDir tracking: I have taken a look at the idea of PIR ( https://en.wikipedia.org/wiki/Private_information_retrieval) and the problem associated with getting HS descriptiors. I have only looked at the theory of PIR so far and not yet an idea of how this can be accomplished (and to what extend) in practice.
This is worth researching and even implementing a PoC of. There are various places in the Tor protocols that PIR could be applied.
However I don't know how feasible it is for an MSc thesis. I remember that Ian Goldberg had a nice survey paper of PIR schemes. There are even some implementations of some PIR schemes floating the internet, but they are probably research quality implementations.
Certificates for HS: I find this topic particularly interesting and have followed the discussion. The general concept seems like a great thing to achieve and it could actually outperform the regular SSL/CA infrastructure stuff as it could remove the need for CAs. Unfortunately, this seems something that is not extensive enough to warrant a whole thesis. If you guys think otherwise, please let me know.
Tor with mix features: Tor has the explicit goal of being a low-latency network. However, there are several protocols where high-latency would be acceptable. I liked the idea of high latency HSes (https://lists.torproject.org/pipermail/tor-dev/2014-November/007818.html). I'd like to know what you think about this idea being viable. It would have the advantage of being very flexible from just a theoretic evaluation down to a real implementation so I could adjust this to my time. But only if this is actually desired so it does not need to stay theoretic. I think it would be very interesting to evaluate whether this can improve or hurt anonymity of low-latency users, as well.
I agree. Very interesting area. I'm hoping for Tor to move the area forward during the next one year. We will see.
Parallel research would be good. Some ideas to move forward: https://lists.torproject.org/pipermail/tor-dev/2014-November/007859.html
Traffic confirmation attacks: This is here more or less for completeness. I know this topic is open for several years and would be one of the most powerful countermeasures to deploy but unless someone has started on something that I could build upon, I don't see myself coming up with something useful here.
Guard discovery attacks: I have only read roughly what these attacks are. I'd like to know if it would make sense to take a deeper look here, i.e. you think extensive research is needed on that topic.
A few people are thinking about this actively, and I'm hoping that this topic will also move forward over the next months.
I believe that there is research to be done here. See the relevant thread for some directions.
Improving crypto for HSes: The blog entry on HS (https://blog.torproject.org/blog/hidden-services-need-some-love) vaguely states that crypto for HSes could be improved. However, the article is over a year old and I know the new rend-spec-ng exists, so I'd like to know whether there's anything here to work on. I have a fairly good background on cryptography, so I'd like to help here if help is needed.
Maybe check the part about the HSDir hashring? https://trac.torproject.org/projects/tor/ticket/8244 https://lists.torproject.org/pipermail/tor-dev/2013-November/005878.html
Cryptography: There's two proposal ideas, one from 2010 (https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/ideas/xxx-cry...) and one from 2011 (https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/ideas/xxx-new...) which builds on that. Has some of this been addressed? Is this still being worked on or just leftover that has already been integrated to the desired level? Would an analysis of the cryptography used in Tor make sense to you, i.e. building on those documents reviewing where and how Tor uses cryptography to secure its operations and evaluating the methods used?
Yes, a crypto/code audit would indeed be very useful.
Onion addresses: I took a look at several approaches around censorship-resistant lookups, e.g. the GNS (see George's recommendation below) and Aarown Swartz's proposal on squaring Zooko's triangle by achieving all three properties. I think it would be a cool thing if it were actually possible to improve onion addresses to be human-readable, especially when they get longer by using bigger keys in the future (since 80 bit won't suffice). I don't know if this is actually possible (I see some issues on Aaron's proposal and Dan Kaminsky confirmed them) but working out a scheme that makes handling the names easier for users while not sacrificing the security would help a lot, I think.
Yes, definitely interesting and worth doing. Many possible directions and ideas too.
See this thread http://archives.seul.org/or/dev/May-2013/msg00115.html for some ideas.
Another interesting idea is the anonymous blacklisting protocols, like Nymble. Making a practical (implementable) such protocol, would give us a very good push in the "block all Tor users from accesing our website" fight.
Also, feel free to drop by IRC. It's #tor-dev at OFTC. Most Tor developers are active there and would be glad to answer any questions.
This would be the bigger topics I have found on which I could see myself building a thesis. I also stumbled upon smaller research questions (e.g. whether running a bridge/relay is good, bad or doesn't make a difference for anonymity) but none of those warrant a full 6 month thesis so I discarded them for the moment.
If you could take the time to evaluate my ideas and let me know what you think, I'd greatly appreciate that. The hardest thing here as an outsider is to assess the current situation and figure out where work is actually needed and where problems/issues have already been addressed so any help from you guys would really help me.
Thanks in advance & Regards, Florian Rüchel
P.S.: George:
I'm about to relocate, so my reply will be short! Come and find us in CCC for more.
Unfortuantely, I don't know what you mean by CCC :(
Ah, I'm also a fan of the FluxFingers team :)
Great! Have played some CTFs for yourselves, then? Are you member of a team?
Thanks for your quick reply, it has helped me a great deal moving forward on this project.
On 12.11.2014 23:15, George Kadianakis wrote:
Florian Rüchel florian.ruechel.tor@inexplicity.de writes:
Hello everyone,
I am about to write my master's thesis and am evaluating Tor as my research topic. I have read through several documents (including the Ideas page of the research page and the Research page on the Volunteer's page). I also read "Hidden Services need some love" (https://blog.torproject.org/blog/hidden-services-need-some-love) and especially followed the section on cryptography (reading both proposals) with great interest.
Before diving into more of those documents that are available, I noticed you encourage people to contact you through this list should they wish to conduct research. Right now I am in a very early state as I have not chosen a topic yet. In my choice I want to do something that benefits the Tor network, satisfies my professor and involves topics I generally care for.
As noted above, I took particular interest in Hidden Services and general cryptography used by Tor. So if possible, I would like to have those two (or one of those topics) to focus my thesis on. Of course, I need to define my topic in such a way that it fits my time schedule (half a year, full-time) and that my professor accepts it.
Now, before moving any further I'd like to know if there are any further documents I should read that are more up to date than the documents indicated above (especially the crypto specs are from 2010/2011 so I don't know how far the network has moved here). It would also be interesting to know whether some of the issues described for Hidden Services are already addressed and whether my research would be better directed somewhere else.
I would be glad if you could take the time to respond to my request so as to help me define my topic better.
Greetings,
I'm about to relocate, so my reply will be short! Come and find us in CCC for more.
I'd first suggest you to join and skim over the [tor-dev] mailing list: https://lists.torproject.org/pipermail/tor-dev/ Especially this month there has been an increase of threads about hidden services, so I'd suggest you to check it out.
I'd also suggest you to read the recent blog post about the attacks against HSes: https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymo...
The blog post offers plenty of material for research, since it lists various attacks and issues with the security of HSes that we need to fix and would definitely benefit from further thinking. Check the guard discovery [tor-dev] thread for example.
Also check this recent thread: https://lists.torproject.org/pipermail/tor-dev/2014-October/007642.html which is part of figuring out work for a funded project. Most of those tasks are not very interesting for you, but you can find deeper research questions in some of them.
Another guy recently did his thesis on HS scaling: https://lists.torproject.org/pipermail/tor-dev/2014-April/006788.html
There is also this stuff: https://lists.torproject.org/pipermail/tor-dev/2013-November/005878.html related to the HSDir hashring in rend-spec-ng.txt.
And check out the "Trawling Hidden Services" paper by Ralf et al.
For example, on a more key management tone, petname systems for HSes would be very interesting, which is related to the recent work of GNUNet with GNS: https://gnunet.org/gns
BTW, keep in mind that some of these projects will be moving during the next year.
Also, if you have public questions which would benefit more people, it would be great if you could post in [tor-dev] instead of here. It's good to answer obscure HS questions in public so that more people can understand the protocol.
Ah, I'm also a fan of the FluxFingers team :)
Thanks for the interest and hope this was useful.
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev